Skip to content

paulbdavis/keto-maester

Repository files navigation

Table of Contents generated with DocToc

Keto-maester

This project contains a Kubernetes controller that uses Custom Resources (CR) to manage Keto access control policies and roles. ORY Keto Maester watches for instances of oryaccesscontrolpolicyrole.keto.ory.sh/v1alpha1 and oryaccesscontrolpolicy.keto.ory.sh/v1alpha1 CRs and creates, updates, or deletes corresponding ORY access control policies and roles by communicating with ORY Keto's API.

View sample ORY access control policy resources to learn more about the oryaccesscontrolpolicyrole.keto.ory.sh/v1alpha1 and oryaccesscontrolpolicy.keto.ory.sh/v1alpha1 CRs.

The project is based on Kubebuilder.

Prerequisites

  • recent version of Go language with support for modules (e.g: 1.12.6)
  • make
  • kubectl
  • kustomize
  • kubebuilder for running tests
  • ginkgo for local integration testing
  • access to K8s environment: minikube or a remote K8s cluster
  • mockery to generate mocks for testing purposes

Design

Take a look at Design Readme.

How to use it

  • make test to run tests
  • make test-integration to run integration tests
  • make install to generate CRD file from go sources and install it on the cluster
  • export KETO_URL={KETO_SERVICE_URL} && make run to run the controller

To deploy the controller, edit the value of the --keto-url argument in the manager.yaml file and run make deploy.

Command-line flags

Name Required Description Default value Example values
keto-url yes ORY Keto's service address - ory-keto-api.ory.svc.cluster.local
keto-port no ORY Keto's service port 4444 4444

Development

Testing

Use mockery to generate mock types that implement existing interfaces. To generate a mock type for an interface, navigate to the directory containing that interface and run this command:

mockery -name={INTERFACE_NAME}

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages